On Aug 28, it was revealed that Federal Bureau of Investigation (FBI) officials are investigating a series of major data breaches that targeted between four and five major U.S. financial institutions earlier in the month. Of the institutions affected, JPMorgan Chase is the only one to be identified as of yet, the extent of the damage is not currently clear.
While the source of the story was unable to make comments publicly, USA Today reports that those close to the investigation believe that Russian hackers may have been responsible for the breaches. What is known is that the breaches likely took place within the last month and may have been the manifestation of phishing attacks targeting financial employees.
JPMorgan says that as of yet it has been unable to detect any suspicious activity related to the breach. According to the Wall Street Journal the bank is working closely with the FBI to determine the scope of the hack and its potential ramifications.
“Companies of our size unfortunately experience cyberattacks nearly every day,” said Trish Wexler, a JPMorgan spokeswoman, in a statement to the Wall Street Journal. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.” Wexler did not confirm that the attacks had taken place.
According to sources close to the investigation, the infiltration of JPMorgan’s systems was likely malware-based, and could have gained access to the bank’s information stores through an employee workstation. Phishing attempts could have prompted employees to download Trojan viruses through email and left the door open for more aggressive entry into the bank’s data systems. The motivation for gaining that access is also unclear at this time.
In a letter to shareholders about cybersecurity earlier this year, JPMorgan Chase CEO Jamie Dimon said that, “by the end of 2014, we will have spent more than $250 million annually with approximately 1,000 people focused on the effort.” Dimon went on to say that the issue will require even more focus in the years to come.
Though the extent of the damage has yet to be determined, events like this serve to underscore how critical cybersecurity programs are. They also show that even with considerable resources and effort, getting ahead of cybercrime can be a Sisyphean ordeal.